package com.by.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

@Component
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    //配置认证信息来源
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
    }

    //配置web安全（可匿名访问的资源）
    @Override
    public void configure(WebSecurity web) throws Exception {
        //放开a.html,b.html
        //web.ignoring().antMatchers("/pages/a.html","/pages/b.html");
        //可匿名访问pages目录下所有的文件 第一个*，表示一个目录，第二个*啥文件都行
        //web.ignoring().antMatchers("/pages/**");

        web.ignoring().antMatchers("/login.html");
    }

    //配置http请求安全（认证、授权、退出）
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //认证
        http.formLogin()
                .loginPage("/login.html")//登录页
                .loginProcessingUrl("/login")//登录的url，告诉filter去处理
                .usernameParameter("username")//账号
                .passwordParameter("password")//密码
                .defaultSuccessUrl("/pages/main.html");//登录成功后要跳转的页面

//        //授权  authorize授权
//        http.authorizeRequests()
//                .anyRequest().authenticated();

        http.authorizeRequests()
//                .antMatchers("/pages/a.html").hasAnyAuthority("aaa")
//                .antMatchers("pages/b.html").hasAnyAuthority("bbb")
//                .antMatchers("/pages/c.html").hasRole("ADMINISTRATORS")
                .anyRequest().authenticated();

        //关闭跨站保护
        //crsf保护：确保使用的是spring security自己提供的登录页面。我们用自己的网页，要关闭crsf保护。
        http.csrf().disable();


        //退出
        http.logout()
                .logoutUrl("/logout") //退出的url
                .invalidateHttpSession(true);   //清空session
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }


//    public static void main(String[] args) {
//        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
//        String encodePwd = passwordEncoder.encode("211314");
//        System.out.println(encodePwd);
//
//        boolean flag = passwordEncoder.matches("211314", encodePwd);
//        System.out.println(flag);
//
//    }
}
